Hi, if it is a linux agent, the restart-ossec.cmd will not work. You must use restart-ossec.sh.
Check out the documentation: - http://ossec-docs.readthedocs.io/en/latest/manual/ar/index.html - http://ossec-docs.readthedocs.io/en/latest/syntax/head_ossec_config.active-response.html Regards. On Friday, September 23, 2016 at 3:53:44 PM UTC+2, F1LT3R wrote: > > I also see the above on a Linux box (Ubuntu 14). > > On Tuesday, April 21, 2015 at 10:07:28 AM UTC-4, Bob Jolliffe wrote: >> >> I am seeing the following in my ossec.log on a linux agent: >> >> ossec-execd: INFO: Active response command not present: >> '/var/ossec/active-response/bin/restart-ossec.cmd'. Not using it on >> this system >> >> It is true that command is not present. It looks maybe this is the >> command for a windows agent. What I do have is: >> >> /var/ossec/active-response/bin/restart-ossec.sh >> >> Is there a configuration option I need to set somewhere to tell what >> the active response command should be? >> > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
